11.07.05
php4 + curl + https causes segfault
For the longest time I have been unable to decide between php4 and python as my preferred scripting language. Both languages are awesome, boast impressive libraries and user bases, and excellent documentation. While I am very fond of php4, for a while it was disappointing that php4 did not have a good CLI (command line interface). For a while I started moving all my sophisticated backend scripts to python. And then one day, I discovered that one of the php 4.3 releases contained a revamped ‘php4-cli’ with a distinct use different from ‘php4-cgi’. So needless to say, I am consolidating my efforts on php4.
Now my latest endeavor was porting a small python ‘curl’ like script. To port it over to php, I took advantage of the php curl libraries. At first I was executing the script under CLI and it worked fine. Later I tried to eexecute it via mod-php4 and it died miserably. The html output would just die at the curl_exec($ch);
After some looking I found this option:
curl_setopt($ch, CURLOPT_VERBOSE, 1);
And this generated the following nonsense in the apache error.log file:
* About to connect() to www.ups.com port 443
* Trying 153.2.228.50… * connected
* Connected to www.ups.com (153.2.228.50) port 443
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
[Sat Oct 29 02:32:39 2005] [notice] child pid 20202 exit signal Segmentation fault (11)
I searched on the internet and found some people with a similiar problem, but no clear cut resolutions. So I did the next most reasonable thing to do. I checked all my installed packages and then upgraded apache, php4, curl, and ssl. Yet still nothing. I’m sure the diehard unix people are immediately thinking its time for a stack trace, but I try to leave that as a last resort.
I read the php bug report 22213 and later this article on marc.thaimsgroup.com. What struck me as odd was that the guy recompiled openssl, and not curl. Later I checked the bug report again, and it just happened to be on the right spot:
[14 Feb 2003 8:41am CET] alan at pair dot com
Regarding notes/issues raised on bug #22112:
I made sure that apache is linking against only one copy of libssl and
libcrypto.
And then it struck me. I checked dpkg
ii libnet-ssleay- 1.22-1 Perl module for Secure Sockets Layer (SSL)
ii libssl-dev 0.9.8a-2 SSL development libraries, header files and
ii libssl0.9.6 0.9.6j-1 SSL shared libraries (old version)
ii libssl0.9.7 0.9.7g-5 SSL shared libraries
ii libssl0.9.8 0.9.8a-2 SSL shared libraries
ii openssl 0.9.8a-2 Secure Socket Layer (SSL) binary and related
and decided to try to remove the older versions of libssl. While only the 0.9.6 was freely removed, it did the trick. Now my log files show:
* About to connect() to www.ups.com port 443
* Trying 153.2.228.50… * connected
* Connected to www.ups.com (153.2.228.50) port 443
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL connection using DES-CBC3-MD5
* Server certificate:
* subject: /C=US/ST=New Jersey/L=Mahwah/O=United Parcel Service/OU=Internet System/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.ups.com
* start date: 2005-06-24 00:00:00 GMT
* expire date: 2006-07-24 23:59:59 GMT
* common name: www.ups.com (matched)
* issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
* SSL certificate verify ok.
> POST /ups.app/xml/Rate HTTP/1.1
Host: www.ups.com
Accept: */*
Content-type: application/x-www-form-urlencoded
Content-Length: 1431
Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Server: Netscape-Enterprise/6.0
< Date: Sat, 29 Oct 2005 08:05:22 GMT
< Content-length: 6820
< Pragma: no-cache
< Content-Type: application/xml
* Connection #0 to host www.ups.com left intact
* Closing connection #0
Problem solved.